From: Tom Talpey <tom@talpey.com>
To: Stefan Metzmacher <metze@samba.org>,
Long Li <longli@exchange.microsoft.com>,
Steve French <sfrench@samba.org>,
linux-cifs@vger.kernel.org, samba-technical@lists.samba.org,
linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org,
Christoph Hellwig <hch@infradead.org>,
Tom Talpey <ttalpey@microsoft.com>,
Matthew Wilcox <mawilcox@microsoft.com>,
Stephen Hemminger <sthemmin@microsoft.com>
Subject: Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Date: Sat, 22 Sep 2018 10:16:51 -0700 [thread overview]
Message-ID: <699de6ba-201a-fd4f-bcac-234e13f33afc@talpey.com> (raw)
In-Reply-To: <a7680efb-6ecf-0f70-2fde-55c2b69b534b@samba.org>
On 9/21/2018 8:56 PM, Stefan Metzmacher wrote:
> Hi,
>
>>> + req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
>>> + if (need_invalidate)
>>> + req->Channel = SMB2_CHANNEL_RDMA_V1;
>>> + req->ReadChannelInfoOffset =
>>> + offsetof(struct smb2_read_plain_req, Buffer);
>>> + req->ReadChannelInfoLength =
>>> + sizeof(struct smbd_buffer_descriptor_v1);
>>> + v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
>>> + v1->offset = rdata->mr->mr->iova;
>>
>> It's unnecessary, and possibly leaking kernel information, to use
>> the IOVA as the offset of a memory region which is registered using
>> an FRWR. Because such regions are based on the exact bytes targeted
>> by the memory handle, the offset can be set to any value, typically
>> zero, but nearly arbitrary. As long as the (offset + length) does
>> not wrap or otherwise overflow, offset can be set to anything
>> convenient.
>>
>> Since SMB reads and writes range up to 8MB, I'd suggest zeroing the
>> least significant 23 bits, which should guarantee it. The other 41
>> bits, party on. You could randomize them, pass some clever identifier
>> such as MID sequence, whatever.
>
> I just tested that setting:
>
> mr->iova &= (PAGE_SIZE - 1);
> mr->iova |= 0xFFFFFFFF00000000;
>
> after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to work.
Good! As you know, we were concerned about it after seeing that
the ib_dma_map_sg() code was unconditionally setting it to the
dma_mapped address. By salting those FFFF's with varying data,
this should give your FRWR regions stronger integrity in addition
to not leaking kernel "addresses" to the wire.
Tom.
next prev parent reply other threads:[~2018-09-22 17:16 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-07 8:54 [Patch v7 00/22] CIFS: Implement SMB Direct protocol Long Li
2017-11-07 8:54 ` [Patch v7 01/22] CIFS: SMBD: Add parameter rdata to smb2_new_read_req Long Li
[not found] ` <20171107085514.12693-2-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-16 23:06 ` Pavel Shilovskiy
2017-11-20 5:28 ` Leif Sahlberg
2017-11-07 8:54 ` [Patch v7 04/22] CIFS: SMBD: Add SMB Direct protocol initial values and constants Long Li
[not found] ` <20171107085514.12693-5-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-20 5:31 ` Leif Sahlberg
2017-11-07 8:54 ` [Patch v7 05/22] CIFS: SMBD: Establish SMB Direct connection Long Li
[not found] ` <20171107085514.12693-6-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-20 1:36 ` ronnie sahlberg
2017-11-20 5:46 ` Leif Sahlberg
[not found] ` <817309867.28473523.1511156807466.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-11-20 6:07 ` Long Li
2017-11-07 8:54 ` [Patch v7 07/22] CIFS: SMBD: Implement function to create a " Long Li
[not found] ` <20171107085514.12693-1-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-07 8:54 ` [Patch v7 02/22] CIFS: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT Long Li
[not found] ` <20171107085514.12693-3-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-16 23:08 ` Pavel Shilovskiy
2017-11-20 5:28 ` Leif Sahlberg
2017-11-07 8:54 ` [Patch v7 03/22] CIFS: SMBD: Add rdma mount option Long Li
[not found] ` <20171107085514.12693-4-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-16 23:18 ` Pavel Shilovskiy
2017-11-20 5:30 ` Leif Sahlberg
2017-11-07 8:54 ` [Patch v7 06/22] CIFS: SMBD: export protocol initial values Long Li
[not found] ` <20171107085514.12693-7-longli-Lp/cVzEoVyZiJJESP9tAQJZ3qXmFLfmx@public.gmane.org>
2017-11-20 7:37 ` Leif Sahlberg
2017-11-20 16:55 ` Steve French
2017-11-07 8:55 ` [Patch v7 08/22] CIFS: SMBD: Upper layer connects to SMBDirect session Long Li
2017-11-07 8:55 ` [Patch v7 15/22] CIFS: SMBD: Upper layer receives data via RDMA receive Long Li
2017-11-21 5:16 ` [Patch v7 00/22] CIFS: Implement SMB Direct protocol Steve French
2017-11-07 8:55 ` [Patch v7 09/22] CIFS: SMBD: Implement function to reconnect to a SMB Direct transport Long Li
2017-11-07 8:55 ` [Patch v7 10/22] CIFS: SMBD: Upper layer reconnects to SMB Direct session Long Li
2017-11-07 8:55 ` [Patch v7 11/22] CIFS: SMBD: Implement function to destroy a SMB Direct connection Long Li
2017-11-07 8:55 ` [Patch v7 12/22] CIFS: SMBD: Upper layer destroys SMB Direct session on shutdown or umount Long Li
2017-11-07 8:55 ` [Patch v7 13/22] CIFS: SMBD: Set SMB Direct maximum read or write size for I/O Long Li
2017-11-07 8:55 ` [Patch v7 14/22] CIFS: SMBD: Implement function to receive data via RDMA receive Long Li
2017-11-07 8:55 ` [Patch v7 16/22] CIFS: SMBD: Implement function to send data via RDMA send Long Li
2017-11-07 8:55 ` [Patch v7 17/22] CIFS: SMBD: Upper layer sends " Long Li
2017-11-07 8:55 ` [Patch v7 18/22] CIFS: SMBD: Implement RDMA memory registration Long Li
2017-11-07 8:55 ` [Patch v7 19/22] CIFS: SMBD: Upper layer performs SMB write via RDMA read through " Long Li
2017-11-07 8:55 ` [Patch v7 20/22] CIFS: SMBD: Read correct returned data length for RDMA write (SMB read) I/O Long Li
2017-11-07 8:55 ` [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration Long Li
2018-09-19 5:59 ` Tom Talpey
2018-09-20 17:01 ` Long Li
2018-09-22 3:56 ` Stefan Metzmacher
2018-09-22 17:16 ` Tom Talpey [this message]
2018-09-23 21:24 ` Stefan Metzmacher
2018-09-24 4:00 ` Tom Talpey
2018-09-24 4:07 ` Stefan Metzmacher
2017-11-07 8:55 ` [Patch v7 22/22] CIFS: SMBD: Add SMB Direct debug counters Long Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=699de6ba-201a-fd4f-bcac-234e13f33afc@talpey.com \
--to=tom@talpey.com \
--cc=hch@infradead.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=longli@exchange.microsoft.com \
--cc=mawilcox@microsoft.com \
--cc=metze@samba.org \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
--cc=sthemmin@microsoft.com \
--cc=ttalpey@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox